Electronic Specifier presents the Cyber Security forum at electronica

The increased reliance on connected, online systems is accelerating the way businesses communicate and share information, but it has also made them more vulnerable to cyber-attacks.

With an unprecedented number of people working in hybrid or fully-remote environments, there has never been a more critical time to effectively create and maintain a cyber-secure culture.

This forum will focus on four areas where implementing and maintaining cyber-security is key.

Automotive

Wednesday 16^th November

9.30am-11.00am

1. Understanding 3D security and its impact on safety 

Arnaud Van Den Bossche, Business Development Director, Green Hills

This presentation will assess the difference between safety and security and its impact on design and testing:

• Securing the connections (1st dimension)
• Ensuring security within the system (2nd dimension)
• Enabling security over time (3rd dimension)

About the speaker

Arnaud is a Business Development Director at Green Hills Software focusing on strategic partnerships and on the automotive sector. Prior to joining Green Hills, Arnaud was at NXP where he led the eCockpit and ADAS Business Development team from Munich. Before joining NXP in 2014, Arnaud worked at Texas Instruments for 18 years in several business development roles, living in countries including Taiwan, Japan, The Philippines, and others.

2. Securing your automotive nodes simplified

Harsha Jagadish, Product Marketing Manager, Microchip Technology

Security is a key requirement in automotive electronic control units and nodes. United Nations Economic Commission for Europe (UNECE) regulations mandate security in every node and adoption of ISO 21434 cyber security for road vehicles is gaining momentum. Every design now must support many of the security use cases like secure boot, secure firmware upgrade, node authentication and secure on- board communication.

Microchip has a strong legacy in offering robust secure solutions to simplify adding security to your designs. The latest products covering Digital Signal Controllers with integrated secure subsystem and Trust Anchor companion security devices enable adding security to your digital power, motor control, wireless power, advanced sensor interfacing and control, touch, and general automotive applications. Learn how Microchip and its team of experts can simplify securing your designs with its latest products and ecosystem.

About the speaker

Harsha Jagadish is a strategic Product Marketing Manager in Microchip Technology’s dsPIC33 digital signal controller business unit, leading the automotive high-performance embedded and secure solutions segment. He joined Microchip after earning a degree in Bachelor of Engineering – Electronics and Communication and Master of Business Administration and has thirteen years of experience in the semiconductor industry.

3. ISO21434 cybersecurity compliance for EV wireless battery management is essential

Lei Poo (PhD), Director of System Architecture, E-Mobility Group, Automotive Business Unit, Analog Devices

Wireless battery management for electric vehicles (EV) is now a reality. Going wireless is not without challenges. Technological innovations are needed to achieve wireless robustness to interference and to ensure safety. Yet the system would not be complete if system security was not considered from the beginning.

Proper consideration needs to be given for cybersecurity risk management across the lifecycle of a wireless battery management system (wBMS), which starts with a threat assessment if there is none publicly available. ISO21434 outlines a process for developing a secure product for use in automotive from concept to development to deployment and end-of-life. System security needs to account for all the stages in a product’s lifecycle, so that none of the lifecycle stages expose the weakest link due to unexpected behaviour or vulnerabilities.

Cybersecurity is a critical and urgent need that starts from holistic system design, even in systems which end up being sub-systems of bigger systems. Compliance to ISO21434 on a process level is not enough, the product itself needs to undergo levels of validation testing and vulnerability scanning to gain the proper assurance. For a mission critical application, the highest Cybersecurity Assurance Level (CAL 4) is necessary. This talk discusses wBMS security goals, how they are derived and developed on an ISO21434 compliant process, and what sets a secure wBMS solution apart from others.

About the speaker

Lei Poo is Director of Systems Architecture and part of the Systems Engineering team working on the Wireless Battery Monitoring System (wBMS) product line in the E-Mobility Group under the Automotive Electrification Business Unit in Analog Devices (ADI).

She previously led the Security Architecture and Platforms team to build hardware-embedded security into ADI’s IC products for both the wBMS and the Industrial Ethernet team. Prior to joining ADI in 2017, Lei was with NXP, Broadcom and Marvell.

4. The future challenges of secure software defined vehicles

Nicola Magistro, Automotive Application Manager, STMicroelectronics

The automotive industry has seen significant changes over the last 10 years, but the transformation it is seeing in the next few years will be even greater. A transition to software-defined vehicles is turning cars into computers on wheels and features enabled by software. Moreover, as this software is updateable over the air through the entire vehicle lifetime, vehicles may appreciate in value as software updates deliver improved performance and new features and functions over time, from the cloud.

While this transformation unlocks incredible opportunities to change the vehicle value proposition, it exposes the vehicle to risk of malicious security cyberattacks and threats. Here’s how we’re addressing these challenges.

About the speaker

Nicola Magistro is an Automotive Application Manager at STMicroelectronics. He is a seasoned professional with extensive experience across a range of embedded systems covering both automotive HW and SW. Nicola currently leads a multi-site/multi-competence team involved in projects in automotive MPU/MCU SW development, SW security, SW safety, connectivity, product benchmarking, radar, in-vehicle-infotainment, digital clusters, and telematics applications. He holds a master’s degree in Electronic Engineering from the Politecnico of Milan.

Embedded

Wednesday 16^th November

11.30am-1.00pm

1. The importance of cybersecurity risk analysis in embedded systems design

Erik Shreve – Product Security Analyst and Architect at Texas Instruments

How and where does one begin the task of securing an embedded system? While there are many guidelines published for adoption of security features, how can a project team determine which are required for their project and if they have any remaining gaps?

A Threat Analysis and Risk Assessment enables teams to systematically address cybersecurity risk in their system. This presentation will provide an overview of approaches, examples of typical threats and countermeasures, and provide references to additional materials enabling project teams to start their own assessment of their product.

About the speaker

Holding a M.Sc degree in Computer Science with a specialty in Information Assurance, Erik Shreve has been focused on cybersecurity for the last nine years of his 20 years of experience in embedded systems. He is co-chair of TI’s Product Security Council, a leader of TI’s Product Security Incident Response Team, and holds five cybersecurity relevant patents.

2. Cryptography for a post-quantum world

Mario Lamberger, Senior Principal Cryptographer, NXP Semiconductors

Quantum computing will deliver huge leaps forward in processing power, calculating in seconds what would take thousands of years to complete with today’s fastest supercomputers. But they also threaten online security as we know it, placing everything from critical infrastructure to healthcare to banking at risk.

To prepare for this, NIST recently selected new algorithms that will form the basis for post-quantum cryptography standards that can run on non-quantum computers to help keep our data and devices secure. But establishing protection against the threat posed by quantum computers isn’t as simple as just defining a new standard.

This session will cover the risks posed by quantum computers, the outlook for the new NIST standard and the steps in between, including updating devices already deployed, the difficulties in developing new embedded devices adapted to the new standard, and what the transition to a post-quantum world will look like.

About the speaker

Mario Lamberger joined NXP Semiconductors Austria in 2011, where he currently holds a position as Senior Principal Cryptographer as part of the Competence Centre Crypto & Security. His focus lies in random number generation, post-quantum cryptography and company-wide trainings on cryptography and security. Previously, he worked at the Institute of Applied Information Processing and Communications of Graz University of Technology (TU Graz) as a researcher and lecturer in cryptography and security where in 2012, he was awarded a habilitation for IT security. He is the author of 20+ scientific publications. Mario Lamberger holds a PhD degree in mathematics from TU Graz.

3. Security for IoT endpoint devices

Reinhard Keil, Senior Director of Embedded Technology, Arm

IoT devices expose significant risk when hackers break into systems. For example, a fish tank thermometer in a casino was misused to access countless gamblers’ profiles. There are billions of IoT devices deployed with the number only growing. It’s therefore no surprise that half of the respondents to a recent Forrester Research survey expressed concern about security. And most companies grapple with a security-skills gap in embedded development. 

Arm Senior Director, Embedded Technology, Reinhard Keil will describe how a standards and ecosystem-based approach to IoT development can help designers better secure devices and systems. He’ll discuss how Arm approaches a secure IoT, from flexible and secure IP at the chip level to software developer enablement through tools and security-compliance suites with in-field firmware update technologies – providing a clear path to end-to-end security in systems and networks. 

About the speaker

Reinhard Keil is Senior Director of Embedded Technology at Arm. His responsibilities include the definition and strategy of tools for Arm microcontrollers and the CMSIS (Cortex Microcontroller Software Interface Standard). He is founder of Keil Software and co-author of several key software products, such as Keil C51, Keil C166, and µVision. Today, Reinhard works on the next-generation software development tools for embedded, IoT, and ML applications which includes cloud-native and desktop development flows.

4. The use of eSIM as root of trust

Agostino Vanore, Mobile Security Product Marketing Manager, Secure Microcontroller Division, STMicroelectronics

The growth of cellular connected devices in the IoT and the importance to ensure data integrity and confidentiality for device-to-cloud communication, is pushing the need to adopt a universal standard. A SIM/eSIM is the mandatory tamper-resistant element (TRE) always present. It is the natural choice to host the standardised Root of Trust application, the GSMA IoT Safe applet.

About the speaker

After graduating from the University of Naples “Federico II” (Italy) in 1998 with a degree in Computer Science Engineering, and after gaining some experience at EDS (GM group), Agostino joined Incard in 2000. Incard was acquired by ST in 2003 and Agostino continued working in roles linked to SIM/eSIM operating-system development for telecom applications. In 2013, he moved to Product Marketing, defining SIM/eSIM products for telecom operators with a focus on IoT/Industrial/Automotive segments. In 2020 he joined ST’s Secure Microcontroller marketing team responsible for the ST4SIM, which enables cellular connectivity for application developers in the IoT, Industrial, and Automotive segments.

IoT

Thursday 17th November

2.00pm-3.30pm

1. Mandatory cybersecurity requirements and platforms built with security in mind

Hector Tejero, Solutions Architect, Engineering Services Group, Arrow Electronics

In some markets, up to 70% of electronic products have known security vulnerabilities. There are security properties that are desirable in systems and applications. In many applications these security properties are mandated by regulation.

As organisations transform towards service-led business models to allow them to be successful in the digital economy, security has an increasingly important role in delivering and consuming services. This presentation discusses these areas.

About the speaker

Hector Tejero is a Solutions Architect in the Engineering Services Group at Arrow Electronics.

Based in the Madrid greater region, Hector brings 20+ years of experience working in the Embedded and Services industry. He specialises in product and service design from ideation to realisation, with a focus on system architecture. In his role at Arrow, Hector guides and supports customers on technology choices to ideate products and services that meet their needs.

2. The AI that cannot be seen

Ian Ferguson, VP Sales and Marketing, Lynx Software Technologies

Almost every week, we read about a connected system that has been compromised. As a result of all this activity, cybersecurity has become a major focus for system designers that are architecting the next generation of connected embedded platforms.

Designers of the next generation of connected systems need to plan for their system to be compromised and focus technology on early recognition of that fact and then handle the incursion, to return the system to a known good state.

Much has been spoken about artificial intelligence for applications like camera vision etc. In this case, AI is applied in areas that the user cannot readily see, it lies embedded in the system to identify illicit attempts to gain access to the system. This presentation will explain the three phases of applying AI to this challenge.

About the speaker

Ian Ferguson is the VP of Sales and Marketing. As such, he is responsible for all aspects of the outward facing presence of Lynx Software Technologies to its customer, partner, press and analyst communities. He is also responsible for nurturing the partnership programme to accelerate engagement into automotive, industrial and IT infrastructure markets.

Ian spent nearly eleven years at Arm, where he held roles leading teams in vertical marketing, corporate marketing, and strategic alliances. Ian is a graduate of Loughborough University with a BSc in Electrical and Electrical Engineering.

3. Cybersecurity regulations in the IoT world!

Joe Lomako, Business Development Manager – IoT and Cybersecurity, TUV SUD

Cybersecurity regulation is growing in interest on a daily basis and there are many governments and standards organisations globally who are advocating and developing such standards. However, the pace of this development is slower than the increase of the cybersecurity threats.

This presentation provides and update on the current global position of the main cybersecurity standards and guidelines as well as a discussion point on what manufacturers could or should do as standards develop to ensure a good level of cybersecurity resilience and protection.

About the speaker

Joe has 27 years in the TIC industry, with expertise in EMC, EMF Exposure and wireless. His primary role has been helping wireless and high technology manufacturers and integrators to understand, implement and comply with global regulations. He is the cybersecurity laboratory manager at TUV SUD Ltd.

4. Solving connected device security challenges

Laurent Denis, Secure Microcontroller Marketing Manager, ST Microelectronics

This presentation will look athow semiconductor authentication solutions solve major connected-device security challenges and simplify loading sensitive device information at manufacturing.

About the speaker

Laurent Denis is the Secure Microcontroller Marketing Manager at ST Microelectronics. He is responsible for STSAFE, a semiconductor authentication solution offering brand protection and secure attachment services to consumables and connected objects.  

Medical

Thursday 17^th November

3.30pm-5.00pm

1. Cybersecurity in connected medical devices

Philip Hart, European Segment Leader, Microchip Technology

Philip Hart will present a case study on how a typical medical device cyber-attack develops, and the devastating consequences that follow. Then he will discuss how to mitigate the risks.

About the speaker 

Originally an electronics design engineer, Philip Hart has spent over three decades in sales and marketing of high-tech products. His experience covers semiconductors, embedded operating systems, software development tools and computer hardware and systems.

With more than 12 years at Microchip, Philip is the European Segment Leader for its Medical business, helping align Microchip’s broad technology portfolio with the needs of clients who design and manufacture increasingly complex medical devices

2. Embedded Designs: Building Blocks for Medical Device Security

Andreas Burghart, Senior Product Manager, Digi International

The challenges developers face in building medical secure product designs are increasing. Security attacks can occur at many points in the lifecycle of a medical product design. This means developers must have a robust strategy for embedded security that addresses the wide range of security vulnerabilities.

About the speaker

Andreas Burghart is a highly experienced IoT technologist and product manager. He has held multiple roles in his 20+ years at Digi, including engineering/management, product management, sales engineering, and business development. He has a deep knowledge of embedded technology, including embedded hardware, software development environments, and the critical steps involved in establishing a successful embedded design for today’s demanding applications. Andreas is recognised for his unique abilities as a multicultural liaison, exceptional communication skills and his strong international business background.

3. Securing IoT with certificated flash memory

Vincent Chen, Secure Flash Director, Winbond

Health devices with connected capabilities are typical examples of IoT devices. Security threats are fast increasing, especially memory-based cyberattacks. 'Secure by design' is a challenge for developers. Certificated flash memory can help developers to address security challenges and deliver a product to market on time.

Since 2015, Vincent Chen is responsible for Marketing and Application support at Winbond Electronic Security Solutions. He has worked for Roland, Dafeng, WPI and National Semiconductor, and has more than 28 years of professional experience in technology and marketing related fields.